refactor vnc post module

this adds Metasploit::Credential functionality to
the post/windows/gather/credentials/vnc module
It also fixes a hostname-resolution issue in windows hashdump that could occur when the peerhost is an unresolved hostname.
bug/bundler_fix
David Maloney 2014-05-30 14:27:44 -05:00
parent 782c8bd172
commit 1e2ae16713
No known key found for this signature in database
GPG Key ID: DEDBA9DC3A913DB2
2 changed files with 72 additions and 30 deletions


@ -8,7 +8,7 @@
require 'msf/core' require 'msf/core'
require 'rex' require 'rex'
require 'msf/core/auxiliary/report' require 'msf/core/auxiliary/report'
require 'rex/proto/rfb'
class Metasploit3 < Msf::Post class Metasploit3 < Msf::Post
@ -224,37 +224,79 @@ class Metasploit3 < Msf::Post
e[:port] = 5900 e[:port] = 5900
end end
print_good("#{e[:name]} => #{e[:hash]} => #{e[:pass]} on port: #{e[:port]}") print_good("#{e[:name]} => #{e[:hash]} => #{e[:pass]} on port: #{e[:port]}")
if session.db_record
source_id = session.db_record.id service_data = {
else address: ::Rex::Socket.getaddress(session.sock.peerhost, true),
source_id = nil port: e[:port],
end service_name: 'vnc',
report_auth_info( protocol: 'tcp',
:host => session.sock.peerhost, workspace_id: myworkspace_id
:sname => 'vnc', }
:pass => "#{e[:pass]}",
:port => "#{e[:port]}", # Assemble data about the credential objects we will be creating
:source_id => source_id, credential_data = {
:source_type => "exploit", origin_type: :session,
:type => 'password' session_id: session_db_id,
) post_reference_name: self.refname,
private_type: :password,
private_data: "#{e[:pass]}"
}
# Merge the service data into the credential data
credential_data.merge!(service_data)
# Create the Metasploit::Credential::Core object
credential_core = create_credential(credential_data)
# Assemble the options hash for creating the Metasploit::Credential::Login object
login_data ={
access_level: 'interactive',
core: credential_core,
status: Metasploit::Credential::Login::Status::UNTRIED
}
# Merge in the service data and create our Login
login_data.merge!(service_data)
login = create_credential_login(login_data)
end end
if e[:viewonly_pass] != nil if e[:viewonly_pass] != nil
print_good("VIEW ONLY: #{e[:name]} => #{e[:viewonly_hash]} => #{e[:viewonly_pass]} on port: #{e[:port]}") print_good("VIEW ONLY: #{e[:name]} => #{e[:viewonly_hash]} => #{e[:viewonly_pass]} on port: #{e[:port]}")
if session.db_record
source_id = session.db_record.id service_data = {
else address: ::Rex::Socket.getaddress(session.sock.peerhost, true),
source_id = nil port: e[:port],
end service_name: 'vnc',
report_auth_info( protocol: 'tcp',
:host => session.sock.peerhost, workspace_id: myworkspace_id
:sname => 'vnc', }
:viewonly_pass => "#{e[:viewonly_pass]}",
:port => "#{e[:port]}", # Assemble data about the credential objects we will be creating
:source_id => source_id, credential_data = {
:source_type => "exploit", origin_type: :session,
:type => 'password_ro' session_id: session_db_id,
) post_reference_name: self.refname,
private_type: :password,
private_data: "#{e[:viewonly_pass]}"
}
# Merge the service data into the credential data
credential_data.merge!(service_data)
# Create the Metasploit::Credential::Core object
credential_core = create_credential(credential_data)
# Assemble the options hash for creating the Metasploit::Credential::Login object
login_data ={
access_level: 'view_only',
core: credential_core,
status: Metasploit::Credential::Login::Status::UNTRIED
}
# Merge in the service data and create our Login
login_data.merge!(service_data)
login = create_credential_login(login_data)
end end
} }
unload_our_hives(userhives) unload_our_hives(userhives)
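Review bot: The credential-reporting code added after each `print_good` call is duplicated verbatim between the main-password and view-only branches, differing only in `access_level` and which password field is used, and both copies assign `create_credential_login` to a `login` local that is never read. Extracting the sequence into one private helper keeps each branch to a single call — `report_vnc_credential(e, e[:pass], 'interactive')` and `report_vnc_credential(e, e[:viewonly_pass], 'view_only')` — and gives the `::Rex::Socket.getaddress(session.sock.peerhost, true)` resolution (the same fix applied to hashdump in the second file) one place to live. The space before `=` in `login_data ={` and the redundant `self.` in `self.refname` would go away with it. The enclosing method and the block closed by the `}` at the end of the hunk both start outside the hunk, so the helper belongs next to the method that contains this loop.
```ruby
# Report one recovered VNC password as a Metasploit::Credential::Core and a
# Login on the host's VNC service; returns the Login created for it.
def report_vnc_credential(entry, password, access_level)
  service_data = {
    address: ::Rex::Socket.getaddress(session.sock.peerhost, true),
    port: entry[:port],
    service_name: 'vnc',
    protocol: 'tcp',
    workspace_id: myworkspace_id
  }
  credential_data = {
    origin_type: :session,
    session_id: session_db_id,
    post_reference_name: refname,
    private_type: :password,
    private_data: password.to_s
  }.merge(service_data)
  login_data = {
    access_level: access_level,
    core: create_credential(credential_data),
    status: Metasploit::Credential::Login::Status::UNTRIED
  }.merge(service_data)
  create_credential_login(login_data)
end
```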


@ -69,7 +69,7 @@ class Metasploit3 < Msf::Post
# Assemble the information about the SMB service for this host # Assemble the information about the SMB service for this host
service_data = { service_data = {
address: session.sock.peerhost, address: ::Rex::Socket.getaddress(session.sock.peerhost, true),
port: 445, port: 445,
service_name: 'smb', service_name: 'smb',
protocol: 'tcp', protocol: 'tcp',